Behavior of O365 thick clients (e.g. Outlook, Teams, etc.) when ForgeRock replaces Azure as an IdP

Hi Team,

We have replaced Azure as the IdP with another provider just by performing domain federation, so all the O365 thick and thin clients trigger our IdP for authentication. It was working fine. Recently we have observed that the thick clients, especially on mobile devices, are not forcing the user to re-authenticate once the user changes their password. This is working fine for desktop users. So:

  1. Is there any article stating how, and by whom, the session is managed for thick clients on desktops and laptops? Is it ForgeRock or Azure?

  2. What is the expected behavior after a password reset by the user (should Intune on Android and iOS force the user to re-authenticate or not)? Should the user be challenged immediately?

  3. What should the behavior of desktop thick clients (e.g. Outlook and Teams) be?

  4. How can we force re-authentication on a user password change?

Note: on a password change by the user, it goes to AD first and then to Azure on synchronization. We see that the synchronization is happening fine.

Regards

Kanchan

Hello @kanchans.mishra

Welcome, and thanks for reaching out to the Community!

I’ve provided here an extensive integration article from this Community site which I hope helps answer your questions.

This Knowledge Base article may be helpful as well:

https://backstage.forgerock.com/knowledge/kb/article/a87227718

I hope you find this information helpful!

Warm Regards,
Ed
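
Question 4 in the original post asks how to force re-authentication after a password change, and the reply only links to articles. The following is an added example, not code from the thread, from ForgeRock or from Microsoft: whether or not the synchronized on-premises password change itself revokes the tokens Azure AD (Entra ID) has issued, an administrator can revoke them explicitly with the Microsoft Graph `revokeSignInSessions` action, which invalidates the user's refresh tokens and session cookies so that thick clients must go back through the federated IdP on their next token refresh. It assumes the Microsoft.Graph PowerShell SDK is installed and the caller holds the `User.RevokeSessions.All` (or `User.ReadWrite.All`) permission; the user principal name is a placeholder parameter.

```powershell
# Added example (not from the thread): force re-authentication for one user by
# revoking the refresh tokens and session cookies issued by Azure AD / Entra ID.
# Assumptions (not stated on the page): Microsoft.Graph PowerShell SDK installed;
# caller granted User.RevokeSessions.All (or User.ReadWrite.All) and User.Read.All.
param(
    [Parameter(Mandatory = $true)]
    [string]$UserPrincipalName   # placeholder, e.g. user@example.com
)

Connect-MgGraph -Scopes "User.RevokeSessions.All", "User.Read.All"

# Record the current validity boundary so the revocation can be verified afterwards.
$before = (Get-MgUser -UserId $UserPrincipalName `
    -Property "signInSessionsValidFromDateTime").SignInSessionsValidFromDateTime

# revokeSignInSessions moves signInSessionsValidFromDateTime to "now". Any refresh
# token or session cookie issued before that instant is rejected on next use, so
# Outlook, Teams and the mobile apps must re-authenticate through the federated
# IdP once their current access token expires.
$result = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/users/$UserPrincipalName/revokeSignInSessions"

# The action returns {"value": true} on success.
if (-not $result.value) {
    throw "revokeSignInSessions returned false for $UserPrincipalName"
}

$after = (Get-MgUser -UserId $UserPrincipalName `
    -Property "signInSessionsValidFromDateTime").SignInSessionsValidFromDateTime

# Check: the boundary must have advanced; if it did not, nothing was revoked.
if ($null -ne $before -and $after -le $before) {
    throw "signInSessionsValidFromDateTime did not advance ($before -> $after)"
}

Write-Output "Tokens for $UserPrincipalName issued before $after (UTC) are now invalid."
```

Two caveats worth knowing before relying on this. First, revocation acts on refresh tokens and cookies, not on access tokens already in a client's hands; those remain usable until they expire (roughly an hour by default), so the challenge is prompt but not instantaneous. Second, the script only does the Azure AD side; to tie it to the password-change event it has to be triggered by whatever hook the environment has for that event (for example, after the on-premises change has synchronized), which the thread does not describe, and any session the IdP itself holds for the user is managed separately by ForgeRock.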